End-user spending on enterprise information security and risk management in India is set to touch $2.08 billion in 2021, an increase of 9.5 per cent on that in 2020, according to a forecast from Gartner, Inc.

“The overnight move to remote-working in reaction to the pandemic exposed organisations’ vulnerabilities,” said Prateek Bhajanka, senior principal research analyst at Gartner.

“While security leaders had to cut down on their security spending in 2020 because of IT budget cuts, this trend is reversing in 2021. A secure digital environment is now foundational to organisations’ growth and in preparation for another crisis that may arise. Security leaders are ready to reinvest in cybersecurity with a renewed and refreshed rigour,” Bhajanka added.

Spending growth in India is a little slower than the global average of 10.5 per cent, but faster than the mature Asia-Pacific countries. The Asia-Pacific countries are expected to increase their spending in this area by 8.6 per cent. Spending growth of the emerging APAC countries is happening at a faster pace at 10.7 per cent.

India’s security spending growth rate of 9.5 per cent is reasonable considering the growth rate of the global and the mature Asia-Pacific countries, according to Bhajanka.

Focus areas

As organisations accelerate digital transformation, spending in areas such as cloud security and integrated risk management are set to grow. Many organisations also rely on Cloud. CISOs (chief information security officers) and security leaders who are aware of the risks and vulnerabilities that their organisations can be exposed to while migrating to cloud from legacy systems.

In 2021, organisations are expected to increase their spending across all segments of security and risk management. Spending on cloud security is expected to witness the highest growth this year, up 251 per cent at $31 million as compared to $9 million last year.

Spending on integrated risk management is expected to increase by 27.8 per cent to $123 million.

“India is at an early stage of cloud adoption and the pandemic has only accelerated this shift as organisations move to the cloud to achieve cost efficiency and business continuity,” said Bhajanka.

“In 2020, hyperscalers such as Amazon Web Services, Microsoft Azure and Google Cloud, increased their investment in data centres in India, further catalysing Indian organisations’ move to cloud during the pandemic.”

According to the report, organisations currently have a compliance or tick-in-the-box approach towards cybersecurity.

“This needs to change for the reason that if you only look at compliance or a narrow-focused approach towards security, you will only be reducing the risk on paper and will not be able to achieve this reduction in progress,” Bhajanka said.

Organisations should also reduce reliance on traditional network security.

Moving forward, Indian CISOs and security leaders are likely to focus on establishing and deploying threat detection and response programmes and capabilities such as endpoint detection and response (EDR), and move to cloud-delivered security capabilities to have consistent security coverage, whether working from the office, home or off-site.

By 2025, 40 per cent of boards of directors are further likely to have a dedicated cybersecurity committee overseen by a qualified board member, up from less than 10 per cent today, as per the report.